Class ContentSecurityPolicyServerHttpHeadersWriter
- java.lang.Object
-
- org.springframework.security.web.server.header.ContentSecurityPolicyServerHttpHeadersWriter
-
- All Implemented Interfaces:
ServerHttpHeadersWriter
public final class ContentSecurityPolicyServerHttpHeadersWriter extends java.lang.Object implements ServerHttpHeadersWriter
Writes theContet-Security-Policy
response header with configured policy directives.- Since:
- 5.1
-
-
Field Summary
Fields Modifier and Type Field Description static java.lang.String
CONTENT_SECURITY_POLICY
static java.lang.String
CONTENT_SECURITY_POLICY_REPORT_ONLY
-
Constructor Summary
Constructors Constructor Description ContentSecurityPolicyServerHttpHeadersWriter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description void
setPolicyDirectives(java.lang.String policyDirectives)
Set the policy directive(s) to be used in the response header.void
setReportOnly(boolean reportOnly)
Set whether to include theContent-Security-Policy-Report-Only
header in the response.reactor.core.publisher.Mono<java.lang.Void>
writeHttpHeaders(org.springframework.web.server.ServerWebExchange exchange)
Write the headers to the response.
-
-
-
Field Detail
-
CONTENT_SECURITY_POLICY
public static final java.lang.String CONTENT_SECURITY_POLICY
- See Also:
- Constant Field Values
-
CONTENT_SECURITY_POLICY_REPORT_ONLY
public static final java.lang.String CONTENT_SECURITY_POLICY_REPORT_ONLY
- See Also:
- Constant Field Values
-
-
Method Detail
-
writeHttpHeaders
public reactor.core.publisher.Mono<java.lang.Void> writeHttpHeaders(org.springframework.web.server.ServerWebExchange exchange)
Description copied from interface:ServerHttpHeadersWriter
Write the headers to the response.- Specified by:
writeHttpHeaders
in interfaceServerHttpHeadersWriter
- Returns:
- A Mono which is returned to the
Supplier
of theReactiveHttpOutputMessage.beforeCommit(Supplier)
.
-
setPolicyDirectives
public void setPolicyDirectives(java.lang.String policyDirectives)
Set the policy directive(s) to be used in the response header.- Parameters:
policyDirectives
- the policy directive(s)- Throws:
java.lang.IllegalArgumentException
- if policyDirectives isnull
or empty
-
setReportOnly
public void setReportOnly(boolean reportOnly)
Set whether to include theContent-Security-Policy-Report-Only
header in the response. Otherwise, defaults to theContent-Security-Policy
header.- Parameters:
reportOnly
- whether to only report policy violations
-
-